Lucene search

CiscoVULNRICHMENT:CVE-2024-20321

HistoryFeb 28, 2024 - 4:14 p.m.

CVE-2024-20321

2024-02-2816:14:28

cisco

github.com

cisco nx-os ebgp dos

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. A successful exploit could allow the attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition in the network.

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco NX-OS Software",
    "versions": [
      {
        "status": "affected",
        "version": "7.0(3)F1(1)"
      },
      {
        "status": "affected",
        "version": "7.0(3)F2(1)"
      },
      {
        "status": "affected",
        "version": "7.0(3)F2(2)"
      },
      {
        "status": "affected",
        "version": "7.0(3)F3(1)"
      },
      {
        "status": "affected",
        "version": "7.0(3)F3(2)"
      },
      {
        "status": "affected",
        "version": "7.0(3)F3(3)"
      },
      {
        "status": "affected",
        "version": "7.0(3)F3(3a)"
      },
      {
        "status": "affected",
        "version": "7.0(3)F3(4)"
      },
      {
        "status": "affected",
        "version": "7.0(3)F3(3c)"
      },
      {
        "status": "affected",
        "version": "7.0(3)F3(5)"
      },
      {
        "status": "affected",
        "version": "9.2(1)"
      },
      {
        "status": "affected",
        "version": "9.2(2)"
      },
      {
        "status": "affected",
        "version": "9.2(2t)"
      },
      {
        "status": "affected",
        "version": "9.2(3)"
      },
      {
        "status": "affected",
        "version": "9.2(4)"
      },
      {
        "status": "affected",
        "version": "9.2(2v)"
      },
      {
        "status": "affected",
        "version": "9.3(1)"
      },
      {
        "status": "affected",
        "version": "9.3(2)"
      },
      {
        "status": "affected",
        "version": "9.3(3)"
      },
      {
        "status": "affected",
        "version": "9.3(4)"
      },
      {
        "status": "affected",
        "version": "9.3(5)"
      },
      {
        "status": "affected",
        "version": "9.3(6)"
      },
      {
        "status": "affected",
        "version": "9.3(7)"
      },
      {
        "status": "affected",
        "version": "9.3(7a)"
      },
      {
        "status": "affected",
        "version": "9.3(8)"
      },
      {
        "status": "affected",
        "version": "9.3(9)"
      },
      {
        "status": "affected",
        "version": "9.3(10)"
      },
      {
        "status": "affected",
        "version": "9.3(11)"
      },
      {
        "status": "affected",
        "version": "9.3(12)"
      },
      {
        "status": "affected",
        "version": "10.1(1)"
      },
      {
        "status": "affected",
        "version": "10.1(2)"
      },
      {
        "status": "affected",
        "version": "10.1(2t)"
      },
      {
        "status": "affected",
        "version": "10.2(1)"
      },
      {
        "status": "affected",
        "version": "10.2(1q)"
      },
      {
        "status": "affected",
        "version": "10.2(2)"
      },
      {
        "status": "affected",
        "version": "10.2(3)"
      },
      {
        "status": "affected",
        "version": "10.2(3t)"
      },
      {
        "status": "affected",
        "version": "10.2(4)"
      },
      {
        "status": "affected",
        "version": "10.2(5)"
      },
      {
        "status": "affected",
        "version": "10.2(3v)"
      },
      {
        "status": "affected",
        "version": "10.2(6)"
      },
      {
        "status": "affected",
        "version": "10.3(1)"
      },
      {
        "status": "affected",
        "version": "10.3(2)"
      },
      {
        "status": "affected",
        "version": "10.3(3)"
      },
      {
        "status": "affected",
        "version": "10.3(99w)"
      },
      {
        "status": "affected",
        "version": "10.3(99x)"
      },
      {
        "status": "affected",
        "version": "10.3(4a)"
      },
      {
        "status": "affected",
        "version": "10.4(1)"
      }
    ]
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f1\\(1\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f2\\(1\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f2\\(2\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(1\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(2\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3a\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(4\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3c\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(5\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.2\\(1\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.2\\(2\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.2\\(2t\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.2\\(3\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.2\\(4\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.2\\(2v\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.3\\(1\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.3\\(2\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.3\\(3\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.3\\(4\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.3\\(5\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.3\\(6\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.3\\(7\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.3\\(7a\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.3\\(8\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.3\\(9\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.3\\(10\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.3\\(11\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:9.3\\(12\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.1\\(1\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.1\\(2\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.1\\(2t\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.2\\(1\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.2\\(1q\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.2\\(2\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.2\\(3\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.2\\(3t\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.2\\(4\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.2\\(5\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.2\\(3v\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.2\\(6\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.3\\(1\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.3\\(2\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.3\\(3\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.3\\(99w\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.3\\(99x\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.3\\(4a\\):*:*:*:*:*:*:*",
      "cpe:2.3:o:cisco:nx-os:10.4\\(1\\):*:*:*:*:*:*:*"
    ],
    "vendor": "cisco",
    "product": "nx-os",
    "versions": [
      {
        "status": "affected",
        "version": "7.0\\(3\\)f1\\(1\\)"
      },
      {
        "status": "affected",
        "version": "7.0\\(3\\)f2\\(1\\)"
      },
      {
        "status": "affected",
        "version": "7.0\\(3\\)f2\\(2\\)"
      },
      {
        "status": "affected",
        "version": "7.0\\(3\\)f3\\(1\\)"
      },
      {
        "status": "affected",
        "version": "7.0\\(3\\)f3\\(2\\)"
      },
      {
        "status": "affected",
        "version": "7.0\\(3\\)f3\\(3\\)"
      },
      {
        "status": "affected",
        "version": "7.0\\(3\\)f3\\(3a\\)"
      },
      {
        "status": "affected",
        "version": "7.0\\(3\\)f3\\(4\\)"
      },
      {
        "status": "affected",
        "version": "7.0\\(3\\)f3\\(3c\\)"
      },
      {
        "status": "affected",
        "version": "7.0\\(3\\)f3\\(5\\)"
      },
      {
        "status": "affected",
        "version": "9.2\\(1\\)"
      },
      {
        "status": "affected",
        "version": "9.2\\(2\\)"
      },
      {
        "status": "affected",
        "version": "9.2\\(2t\\)"
      },
      {
        "status": "affected",
        "version": "9.2\\(3\\)"
      },
      {
        "status": "affected",
        "version": "9.2\\(4\\)"
      },
      {
        "status": "affected",
        "version": "9.2\\(2v\\)"
      },
      {
        "status": "affected",
        "version": "9.3\\(1\\)"
      },
      {
        "status": "affected",
        "version": "9.3\\(2\\)"
      },
      {
        "status": "affected",
        "version": "9.3\\(3\\)"
      },
      {
        "status": "affected",
        "version": "9.3\\(4\\)"
      },
      {
        "status": "affected",
        "version": "9.3\\(5\\)"
      },
      {
        "status": "affected",
        "version": "9.3\\(6\\)"
      },
      {
        "status": "affected",
        "version": "9.3\\(7\\)"
      },
      {
        "status": "affected",
        "version": "9.3\\(7a\\)"
      },
      {
        "status": "affected",
        "version": "9.3\\(8\\)"
      },
      {
        "status": "affected",
        "version": "9.3\\(9\\)"
      },
      {
        "status": "affected",
        "version": "9.3\\(10\\)"
      },
      {
        "status": "affected",
        "version": "9.3\\(11\\)"
      },
      {
        "status": "affected",
        "version": "9.3\\(12\\)"
      },
      {
        "status": "affected",
        "version": "10.1\\(1\\)"
      },
      {
        "status": "affected",
        "version": "10.1\\(2\\)"
      },
      {
        "status": "affected",
        "version": "10.1\\(2t\\)"
      },
      {
        "status": "affected",
        "version": "10.2\\(1\\)"
      },
      {
        "status": "affected",
        "version": "10.2\\(1q\\)"
      },
      {
        "status": "affected",
        "version": "10.2\\(2\\)"
      },
      {
        "status": "affected",
        "version": "10.2\\(3\\)"
      },
      {
        "status": "affected",
        "version": "10.2\\(3t\\)"
      },
      {
        "status": "affected",
        "version": "10.2\\(4\\)"
      },
      {
        "status": "affected",
        "version": "10.2\\(5\\)"
      },
      {
        "status": "affected",
        "version": "10.2\\(3v\\)"
      },
      {
        "status": "affected",
        "version": "10.2\\(6\\)"
      },
      {
        "status": "affected",
        "version": "10.3\\(1\\)"
      },
      {
        "status": "affected",
        "version": "10.3\\(2\\)"
      },
      {
        "status": "affected",
        "version": "10.3\\(3\\)"
      },
      {
        "status": "affected",
        "version": "10.3\\(99w\\)"
      },
      {
        "status": "affected",
        "version": "10.3\\(99x\\)"
      },
      {
        "status": "affected",
        "version": "10.3\\(4a\\)"
      },
      {
        "status": "affected",
        "version": "10.4\\(1\\)"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ebgp-dos-L3QCwVJ

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-20321